Security Incidents mailing list archives
Re: Possible DDos Network Creation with ssh crc exploit
From: Ryan Russell <ryan () securityfocus com>
Date: Tue, 13 Nov 2001 22:32:02 -0700 (MST)
On Wed, 14 Nov 2001, Nick FitzGerald wrote:
Or this? http://www.securityfocus.com/archive/75/177265 Searching Google for "carko ddos" got quite a few hits...
More to the point: http://www.securityfocus.com/archive/75/177587 To summarize, "Carko" was a very slightly customized version of "Stacheldraht v1.666 + antigl + yps Distributed Denial of Service Tool", as found in the Packetstorm archives, among other places. In another instance, a file named carko was something entirely different. In neither case was there a self-spreading vector. In other words, there was at least one attacker out there who broke into systems by hand, and liked to name files "carko". At the time, the attacker seemed to be gaining access primarily through an unreleased exploit for the snmpXdmid hole. After some checking, it was discovered that there were at least 5 different snmpXdmid exploits in existance. I believe Sun finally patched the hole last month. Ryan ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Possible DDos Network Creation with ssh crc exploit Mike Grantham (Nov 13)
- Re: Possible DDos Network Creation with ssh crc exploit Jose Nazario (Nov 13)
- Re: Possible DDos Network Creation with ssh crc exploit Nick FitzGerald (Nov 13)
- Re: Possible DDos Network Creation with ssh crc exploit Ryan Russell (Nov 14)